1

I'm writing a backup program for personal (for the moment at least) use.

For some directories (network directories / protected directories) credentials are needed to access them.

I can setup different jobs in the program to run at specific times.

These jobs are stored in an XML file.

I want to also store the usernames and passwords which the jobs will need.

What and where would be the best way to store these?

Changing permissions on the directories is not an option.

Thanks in advance!

PeeHaa
  • 71,436
  • 58
  • 190
  • 262

2 Answers2

2

You should never store the logon password for a user in Windows in order to be able to access a local directory. Instead, your backup program should run as a user that has the SeBackupPrivilege enabled (i.e. run the backup from a service that runs as the local system). This means that you won't need to change the permissions.

You may also need to make sure that you are doing a Volume Shadow Copy first that you are copying from - don't copy directly from the disk since that may cause your backup to be inconsistent.

Also, you need to take special care for encrypted files and will need to use ReadEncryptedFileRaw for this.

villintehaspam
  • 8,540
  • 6
  • 45
  • 76
  • Is the local system account also able to copy from network directories? If not. How to cope with (passworded) network directories? – PeeHaa Jan 06 '11 at 20:09
  • 1
    No, the local system is not likely to be able to copy from remote directories. However, the remote scenario is a totally different story - is this a separate computer that has other primary users, is it a server, is it a network drive, is it at home or in an office (with a domain)? These are all different cases. – villintehaspam Jan 06 '11 at 20:15
  • There is 1 Linux server. And 1 fileserver in the domain. And 2 user machines also in the domain. I'm now running a cronjob on the linux machine every night on the linux machine and a scheduled task everynight on the file server. To copy the file to a backup folder on the specific machine which runs the backup app. I do the same for the user machines only at logon. Thanks for you help! – PeeHaa Jan 08 '11 at 15:59
1

You could execute the backup program as a scheduled task, running as a specific user.

As for storing passwords you can store them using IsolatedStorage and using a two way encryption to make it harder for someone to decipher the file if they manage to find it.

Check out this SO question for implementing two-way encryption.

Community
  • 1
  • 1
Mikael Svenson
  • 39,181
  • 7
  • 73
  • 79
  • Running the program as the specific user is not an option. Cause different directories will require different credentials. I think two way encryption is always used with a key? What if I want to publish the app in the future. In that case I don't want the key to be the same (think reverse engineering). How to tackle that? Questions questions. :P Please tell me if I'm way off. :) Thanks! – PeeHaa Jan 06 '11 at 20:05
  • 1
    You could generate the key in your code based on several factors like machine name, domain name, username of the person installing the software etc. Also se this SO question http://stackoverflow.com/questions/99880/generating-a-unique-machine-id – Mikael Svenson Jan 06 '11 at 20:16